SHA256: 4b7b8e369eb5ce43dec1ad511b8b8907f6f82807f6509756dfb6fa7e41443f0a
File name: 4b7b8e369eb5ce43dec1ad511b8b8907f6f82807f6509756dfb6fa7e41443f0a.exe
Detection ratio: 30 / 58
Analysis date: 2017-03-03 03:02:33 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ransom.Cerber.JT 20170302
AegisLab Ml.Attribute.Gen!c 20170303
AhnLab-V3 Trojan/Win32.Cerber.C1823147 20170302
Arcabit Trojan.Ransom.Cerber.JT 20170303
AVG Ransom_r.BQX 20170302
Avira (no cloud) TR/Crypt.Xpack.pzdcw 20170303
AVware Trojan.Win32.Generic!BT 20170303
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9996 20170302
BitDefender Trojan.Ransom.Cerber.JT 20170303
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
DrWeb Trojan.Encoder.10390 20170303
Emsisoft Trojan.Ransom.Cerber.JT (B) 20170303
Endgame malicious (high confidence) 20170222
ESET-NOD32 Win32/Filecoder.Cerber.H 20170303
F-Secure Trojan.Ransom.Cerber.JT 20170303
Fortinet W32/Kryptik.FPCP!tr 20170303
GData Trojan.Ransom.Cerber.JT 20170303
Ikarus Trojan.Ransom.Cerber 20170302
Sophos ML virus.win32.parite.a 20170203
Kaspersky Trojan-Ransom.Win32.Zerber.cppa 20170302
Malwarebytes Ransom.Cerber 20170302
McAfee RDN/Generic.grp 20170303
McAfee-GW-Edition BehavesLike.Win32.Downloader.gc 20170302
eScan Trojan.Ransom.Cerber.JT 20170303
Rising Ransom.Cerber!8.3058 (cloud:HzIHWJgoLjP) 20170303
Sophos AV Mal/Generic-S 20170303
Symantec Trojan.Gen.8 20170302
VIPRE Trojan.Win32.Generic!BT 20170303
ViRobot Trojan.Win32.Cerber.480715[h] 20170302
Webroot Malicious 20170303
Alibaba 20170228
ALYac 20170302
Antiy-AVL 20170303
Avast 20170302
CAT-QuickHeal 20170302
ClamAV 20170302
CMC 20170302
Comodo 20170303
Cyren 20170303
F-Prot 20170303
Jiangmin 20170301
K7AntiVirus 20170302
K7GW 20170302
Kingsoft 20170303
Microsoft 20170303
NANO-Antivirus 20170303
nProtect 20170302
Panda 20170302
Qihoo-360 20170303
SUPERAntiSpyware 20170303
Tencent 20170303
TheHacker 20170302
TotalDefense 20170302
TrendMicro 20170302
TrendMicro-HouseCall 20170302
Trustlook 20170303
VBA32 20170302
WhiteArmor 20170222
Yandex 20170225
Zillya 20170302
Zoner 20170303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (C) 2007-2015
Product Kiwi 95
Internal name Kiwi 95
File version 2.5.3.402
Description Mdules Disorders Vms Identical
Comments Mdules Disorders Vms Identical
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-03-01 18:42:55
Entry Point 0x000075EB
Number of sections 5
PE sections
Overlays
MD5 fbfe0bda0e66d9d4d5676395fe6cfb81
File type data
Offset 478720
Size 1995
Entropy 7.90
PE imports
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
LookupAccountSidA
EqualSid
capCreateCaptureWindowA
ImageList_Draw
ImageList_GetIconSize
GetOpenFileNameA
CryptCreateAsyncHandle
GdiFlush
SelectObject
TextOutW
SetTextColor
BitBlt
gluPerspective
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
FileTimeToSystemTime
GetFileAttributesA
GlobalFree
GetConsoleCP
GetOEMCP
LCMapStringA
WaitForSingleObject
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
UnhandledExceptionFilter
FindFirstChangeNotificationA
TlsGetValue
WideCharToMultiByte
ExitProcess
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetConsoleTitleA
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
GetFileTime
GetModuleHandleA
RaiseException
GetCPInfo
GetStringTypeA
SetFilePointer
FindFirstFileA
SetLastError
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
TerminateProcess
FindCloseChangeNotification
QueryPerformanceCounter
WriteConsoleA
IsValidCodePage
HeapCreate
WriteFile
GlobalAlloc
VirtualFree
FindClose
IsDebuggerPresent
Sleep
GetFileType
EnumDateFormatsA
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
WriteConsoleW
LeaveCriticalSection
CreateErrorInfo
SafeArrayAccessData
SafeArrayGetElement
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayCreate
LoadTypeLib
SysFreeString
SetErrorInfo
glClear
glMatrixMode
glClearColor
glLoadIdentity
SetupDiDestroyDriverInfoList
SHBindToParent
SHParseDisplayName
CreateDialogParamW
GetParent
UpdateWindow
GetScrollRange
SetLayeredWindowAttributes
EndDialog
BeginPaint
DrawStateA
OffsetRect
KillTimer
DestroyMenu
SetMenuContextHelpId
CheckMenuRadioItem
SetWindowPos
GetSystemMetrics
GetWindowRect
EndPaint
GetWindowLongA
SetRectEmpty
DrawTextExA
IsWindowEnabled
GetWindow
GetSysColor
GetDC
SetWindowLongA
GetCursorPos
SystemParametersInfoA
CreatePopupMenu
CheckMenuItem
GetMenu
DrawFocusRect
SendMessageA
GetClientRect
GetDlgItem
SetMenuDefaultItem
TrackPopupMenuEx
GetSubMenu
GetMenuState
GetFocus
DestroyWindow
gethostbyaddr
htons
connect
inet_addr
EnumerateLoadedModules
ProgIDFromCLSID
CoInitialize
OleInitialize
CoCreateGuid
StgOpenStorage
StringFromCLSID
CoTaskMemFree
PdhCollectQueryData
Number of PE resources by type
RT_ICON 6
ACCELERATORS 3
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 12
PE resources
Debug information
ExifTool file metadata
CodeSize 91136
SubsystemVersion 5.0
Comments Mdules Disorders Vms Identical
Languages English
InitializedDataSize 386560
ImageVersion 0.0
ProductName Kiwi 95
FileVersionNumber 2.5.3.402
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
PrivateBuild 2.5.3.402
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2.5.3.402
TimeStamp 2017:03:01 19:42:55+01:00
FileType Win32 EXE
PEType PE32
InternalName Kiwi 95
ProductVersion 2.5.3.402
FileDescription Mdules Disorders Vms Identical
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright (C) 2007-2015
MachineType Intel 386 or later, and compatibles
CompanyName Abbott Laboratories
LegalTrademarks (C) 2007-2015
FileSubtype 0
ProductVersionNumber 2.5.3.402
EntryPoint 0x75eb
ObjectFileType Executable application
File identification
MD5 fc2cbdeb255570eb1527f1da8c30aa5f
SHA1 c65fc393ecc25e4e97ddf08b8d5dc2967bfcb2fe
SHA256 4b7b8e369eb5ce43dec1ad511b8b8907f6f82807f6509756dfb6fa7e41443f0a
ssdeep 12288:0zIn4G1Uyz04K3gYrH7XBN8F+HRzGMyWM:y3Sr477XBNQ+Ha
authentihash b942acc8762b5e285a7fb52819cdfebde27985b6f014d71645142ef92bbd8410
imphash 685264e592ae454b4a701cd73c3be5eb
File size 469.4 KB ( 480715 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe suspicious-udp overlay
VirusTotal metadata
First submission 2017-03-02 01:09:13 UTC ( 1 year, 11 months ago )
Last submission 2017-03-02 07:23:03 UTC ( 1 year, 11 months ago )
File names 4b7b8e369eb5ce43dec1ad511b8b8907f6f82807f6509756dfb6fa7e41443f0a.exe
Kiwi 95
4b7b8e369eb5ce43dec1ad511b8b8907f6f82807f6509756dfb6fa7e41443f0a.exe
search.php.exe.bin
4b7b8e369eb5ce43dec1ad511b8b8907f6f82807f6509756dfb6fa7e41443f0a.exe
4b7b8e369eb5ce43dec1ad511b8b8907f6f82807f6509756dfb6fa7e41443f0a.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
UDP communications